Dual ISP on a Cisco 3750 between MPLS and ASA

NtHawk1011 · ‎12-16-2018

My question is how to route internet traffic out an ASA 5505 when there is also an MPLS connection.

I have a Cisco 3750 Layer 3 Switch with VLANs set as follows:

Vlan 255 - 192.160.200.2/30 (MPLS Router@ 192.168.200.1/30)

Vlan 999 - 192.168.1.254 (ASA 5505 @ 192.168.1.1 to Comcast)

Vlan 16 - 192.168.16.0/24 (Internal workstations)

In the switch I have:

ip route 0.0.0.0 0.0.0.0 192.168.1.1

ip route 192.168.0.0 255.255.0.0 192.168.200.1

The ASA has:

route outside 0.0.0.0 0.0.0.0 %Comcast Gateway%

route inside 192.168.16.0 255.255.255.0 192.168.1.254

The default route in the switch did point to the other side of the MPLS circuit at 192.168.200.1

I want to redirect web traffic to go out the comcast connection and all other traffic to go out the MPLS, hence the static route as 192.168.0.0/16 to 192.168.200.1.

Initially in testing the web traffic goes out the comcast connection for the first couple of users that connect but then within a few minutes or so when other users try to connect, they can't. My two test connections continue to work though. Is there some kind of license issue I'm bumping into on the ASA?

Is the fact that I have 192.168.1.0/24 on the ASA causing an issue between it and the static route on the switch at 192.168.0.0/16?

Thank you!

johnd2310 · ‎12-16-2018

Hi,

Could be a license issue. If you run the "Show Version"command on the ASA you should see the number of inside hosts allowed.

Thanks

John

**Please rate posts you find helpful**

NtHawk1011 · ‎12-18-2018

That looks like it could be the culprit. Checked and found only 10 devices allowed. The device only has a base license. User purchased it off Ebay I believe and didn't catch the license type. Thanks for the info!